ACE30: Connectivity between IP subnets on the same VLAN being NATed?

sgonsalv · ‎08-26-2012

Hi Guys,

We have a subnet setup on the ACE as follows:

interface vlan 300

description CALLISTA Environment

ipv6 enable

ip address 2001:388:608c:8b8::fffd/64

alias 2001:388:608c:8b8::fffe/64

peer ip address 2001:388:608c:8b8::fffc/64

ipv6 nd ra interval 30

ipv6 nd prefix 2001:388:608c:8b8::/64

ip address 130.194.13.61 255.255.255.192

ip dhcp relay server 130.194.15.17

ip dhcp relay server 130.194.15.1

alias 130.194.13.62 255.255.255.192

peer ip address 130.194.13.60 255.255.255.192

ip address 130.194.19.220 255.255.255.224 secondary

alias 130.194.19.222 255.255.255.224 secondary

peer ip address 130.194.19.221 255.255.255.224 secondary

access-group input ALLOW

access-group input ALLOWv6

access-group output ALLOW

access-group output ALLOWv6

nat-pool 1 172.16.25.231 172.16.25.231 netmask 255.255.255.255 pat

Notes:

There is the primary subnet 130.194.13.0/26 and the secondary IP subnet 130.194.19.192/27

The nat-pool is configured to allow server initiated connections to their frontend VIP when necessary.

We are noticing that when a server on the 130.194.19.192/27 subnet needs to communicate with a server on 130.194.13.0/26, albeit on the same VLAN, the destination server sees connections with a source IP of 172.16.25.231, which is the NAT address. Is this expected behavior, where connections between IP subnets, albeit on the same VLAN are NATed?

thanks

Sheldon

Kanwaljeet Singh · ‎08-27-2012

Hi Sheldon,

Normally you should not need NAT but if you have a service policy applied which matches the conditions you have defined in class maps, the NAT will be applied.

You have mentioned that NAT pool is configured for server initiated conns and that must be the reason why traffic is getting natted because it must be matching the statement.

Regards,

Kanwal